think tank: Zentyal Desktop Linux (zentyal-optimised version of ubuntu desktop)

[ichat]

Here is a thinktank topic: 
All offtopic posts shall be removed from this tread...

As most people of you already noticed, zentyal desktop (the ubuntu package) has a long way to go, and perhaps doesn't seam to get there quickly.. 

Due to popular demand, a lot has already been said about this topic.. and many posts have addressed the matter, explained parts of it, or brought its importance to our (the community's) attention.

I started this topic to find and explore a common interest in a beter intergration between  zentyal and a specially designed build of ubuntu desktop edition...

the goal of this thread is to find and debate the best possible way to integrate the two using as litle means as possible.

 in the end a complete and very detailed guide should be made available so that anyone can benefit from a free and opensource  SBS server with enterprise ready desktop intergration...

this should all happen in a way that makes automation (via scripting, re-engeneering, tweaking)  possible in the 'near' future.

[ichat]

in this 2nd post, i will update a list of posts that are in accordance to this tread,

idea's, opinions, questions, remarks, and other relalated to this topic will be listed here...

feel free to send me notice of such posts if they are not already listed here...   
i will try to update this post frequently...

[Jan Jacobs]

i guess it all comes down to synchronisation of certain directory's that allow a linux user to take with him his own desktop, regardless of what workstation hes accessing.
At least, thats what my definition of the zentyal-desktop package is

[ichat]

There is so much more to it than just that

For example  which folder what protocol, and why.
And also which application should be picked for a specific task,
Since we're basically building our own desktop, these are all questions that demand an answer.
before we even talk about 'it all comes to sharing folders' 

 But also what other problems are there to overcome



post edit for spelling corrections

[robb]

I think we have to put some boundaries on this discussion. We are trying to make Zentyal a better product, so Zentyal should be considered the central server in the network. LDAP implemented in Zentyal is the central (user)management environment. This rules out Windows AD servers.

There are 2 things to consider on this topic:
- administration and safety
- usability

I have too little linux experience to make statements about safety, but the useability I can think of a few things that just should work out of the box:

Availablility of network resources (shares/printers/intranet/VoIP/etc..)after login (either in the windows way like logging on to a domain, or the linux way by authentication each time against LDAP)

IMO the windows way has some advantages because you can have more control over the clients from a central point.

Logging on the LAN can be tweaked by using login scripts to make network resources available.
Using VPN I didn't see a same option yet to automaticly run those scripts after connecting with VPN. Maybe I haven't seen all the options of the OpenVPN client yet??
Availability of services/resources while offline is another story. Some data needs to be available all times. Data modified or generated offline, should somehow get synced on the network, for backup and availability purposes.

[christian]

Rob,

You are touching the point that makes me reluctant when I see requests to "join domain" with Linux client.
- Windows clients are joining Windows domain (nowadays getting most of the time Kerberos ticket)
- Unix/Linux clients were joining NIS (NIS+) domain but this is now deprecated and replaced by LDAP back-end.

There is no real convergence because these two above domains, although wording is the same, exhibit very different feature. Unfortunately, there is a strong willingness, on top the objective that is to share resources between Windows and Linux clients, to mimic Windows behaviour with Linux client.
The real added value of Windows domain, at least since Win2000, is the GPO capability providing, as you rightly wrote, more (central) control over Windows clients.
Achieving the same on Linux side is a bit trickier.

Another aspect we discussed in parallel about this topic is willingness to mimic Windows roaming behaviour. Here again, if it can be done, this doesn't match what Windows does. And the reason is not central authentication (LDAP works well and Kerberos could even be deployed) but all the mechanism on Windows side permitting to:
- automatically synchronize on-line / off-line folders
- more difficult, all the mechanisms around account management:
   - off-line authentication
   - automatic account creation when known users authentication from new machine.

Because of all these above points, I fully share that we do need to border our scope.

If we look one step closer, tools exist to move toward "Windows like" behaviour:
- SSSD for authentication.
- TsumuFS for NFS data synchronization.

Still this doesn't provide integration level and control Windows users are dreaming of.

Interesting topic isn't it? 

[ichat]

if it were all up to me,  i would vote for a tendancy toward linux in all features...

example:  if you want roaming profiles, or  single sign on,   provide these services on a 'best linux way'  and dont even look at windows clients... 

if you really need or want windows clients so mutch, just script them to mimic zentyal procedure... i would be more than willing to help you to impelemt  roaming profiles the windows way (via windows powershell scripts, or vba scripts to name a few examples) this for a small fee ofcource  :-)

at this point zentyal needs to get a certian focus, and if that focus should be a complete  sbs- solution, than it should get an enterprice grade desktop besides it..

therefor if the linux way and the windows way  should collide at some point...  we should make a discion and than stick to it...

for a central management 'tool'   i guess we should just look at what policykit has to offer and start working from there...

[Jan Jacobs]

i agree with ichat, there's no point in making it work with windows, you might as well USE windows then.
And as such, i too would focus more on Linux and less on Windows..

However, windows DOES have some nice features (like the above mentioned GPO and roaming profiles) that might make linux easier to be accepted in the office.
So these are definatly point's i'd take into consideration when we're setting the boundaris of this "project"

[robb]

So it comes to a point that we have to define what _features_ we want and/or need in the Zentyal Desktop. I find it rather difficult to not look at the windows feature and just say lets 'copy' those. Also I find it difficult to stick with features and not immediately match (possible) solutions.

Therefore I think we should start making a list of functionality that should be provided in a Zantyal Desktop. Some of those features can be explicit, but there also will be some rather subjective.

What I can think of:

- Smooth (lightweight) desktop experience, so low end clients are still usable (one of those subjective features... )
- Secure access to network file systems
- Centrally controlled client management (updates, software distribution, lockdown)
- Centrally controlled login management. (user management is more a server side thing?)
- SSO
...

I think we should first extend this list. After we have a fully featured list, we can start thinking of possible solutions to provide these features.

[stuartiannaylor]

Windows is a problem in that newer versions are becoming completely relient on active directory for configuration. Vista and Win7 are already a pain to configure.
Samba4 is the answer but it is still to be released.

Linux and windows have different user / group authentication schemes that don't map at all well.
The new samba release 3.6 has done much to bring these together with smb and smb2.

Also if you have LTSP then the desktop becomes part of a private cloud and the whole becomes more manageable.

With the desktop you need some form of SSO which more than likely will be via kerberos.

To get tighter windows / linux intergration you need samba 3.6 really with new clients you will eventually need samba 4.
Also reading through 3.6 release notes LDAP hasn't been intergrated yet.
 

[christian]

Samba4 is the answer but it is still to be released.

Samba4 is the answer in a full Windows world 
Like Zarafa aims at replacing Exchange so that Outlook feels "at home", Samba4 aims at replacing both CIFS files server and Windows Domain controller, faking AD and Windows domain controller better than previous Samba versions. (AD semantic in own LDAP server, AD DNS support, internal kerberos...)

So the next challenge for company willing to fight against Microsoft could be as simple as Samba4 + Zarafa.
Both will provide, thanks to embedded features, Windows like:
- domain controller
- kerberos (and Windows like authentication)
- file server
- DNS support
- mail server for Outlook clients

The only point I would like to discuss here is whenever Oracle is going to propose something to continue fighting gaianst Microsoft. Oracle could be the company offering service based on this Samba4 + Zarafa bundle 

So, I don't feel Samba4 will help converging toward backend unifying services Windows and Linux clients. It's one step toward Windows clients only.... which is not bad if your landscape is made of such clients 
If you already operate open infrastructure with your own LDAP, Kerberos and non-Windows back-end, I frankly don't see the added value 

[stuartiannaylor]

Trying to get rid of windows clients is culturally very hard. That is why I have been pushing for LTSP. The reduction in client admin via terminal services tip a balance in favour of a Linux client. (thats how I see things)

I am glad you commented as I don't think you will get a zentyal desktop convergance at this point with windows and linux clients.
My suggestion is two run two branches for each platform that may differ.
 

[christian]

I share, trying to get rid of Windows might no be feasible.
Has this to be a goal? I don't think so. It's a matter of choice or constraints.

So my purpose is not to discuss whether Windows is better or not but is to replace everything in the right (at least from my standpoint  ) perspective:
Samba4, like Zarafa, is designed for Windows clients first. Period.
If this is what you have or what you target, it's perfect.
For others, either think twice of be ready for some trade-off 

[ichat]

i should comment on this,  for 2 reasons,

1:  budget,
2:  software stabillity...

1:  zentyal at this point is a small be steadely growing project, but it lacks decent desktop intergration...
what people are saying here is that dropping windows support is a bad idea...   but i disagree,

we already have smb support, and our current implementation even lets us run it as a domain controller.
its not the world ... but its way more than linux has...

in the mean time we still have to deal with the lack of a stable smb4 version, its simply not there, and even so far from production ready...
 
in that sence we can either start trying all kinds of  patches,  code hacks or even creating our own patches to current samba 3 code...    or we could  just wait for smb4  .. and in the mean while leave windows as it is.. maybe provide client side support (like batch file scripting to mimic some features) but dont go through endless trouble fighting for a lost cause...

no we should focus on some features that we can achieve...  for examle  creating a linux desktop that mimics the exact windows + ms smallbuisness server (sbs) level of intergrating,  BUT based on 100% linux compatible  services and protocols...

this way,  as a system admin you have 2 choices,  either install a fully working and intergrated  linux desktop, or  install your windows client and still have some basic intergrations,   in the end you could still write your own scripts - and in good time sure   samba4 will be availible, and sure  we should than  add full support for it...   

but we cant work with tools that arn't there...  no'r should we try...  so please dont waste time on it in the mean while,  while we could have been working on something that IS possible...  namely a linux desktop intergration that could also be the base for an  LTSP.

but than again, my standpoint is only as a developer, and only in the direct choice between either windows or linux support,  and even than, only based on the current situation regarding software availibillity 

i want windows support too, just not at the cost of everything else...

[stuartiannaylor]

I have sort of capitulated with idea of a windows desktop @ the moment. There is much in the linux arena that is just about to emerge that will provide much as linux as a fake AD. Until then the new clients Vista / Win7 are a cause of complexity.

I am interested in how a Linux distribution should be formed and the possibilities of providing a standard platform would add much to concentrate and fix a focal point.

I posted a link from the Economist and getting away from religious bias, morality or socialism; the article did raise one important point.
http://www.economist.com/node/21527031

There are also legal motivations. Commercial software such as Microsoft Word is widely pirated in many parts of the world, by Catholics as well as others. Mr Fioretti advocates the use of open-source software instead, because he doesn’t want people “to violate a law without any real reason, just to open a church document”.

Every week I watch (under priviledged) people being trained to use commercial products that have perfectly good free equivalents.
This seems quite perverse as without doubt it does force piracy for something as simple as the creation of a C.V.

Much could be offered and in conjunction with LTSP my client costs and administration would be cut.